Apache Site: www.apache.org
Release: 1.3.9 (Released 20th August 1999)
(local
download sites)
Beta: None
Apache 1.3.9 is the current stable release. Users of Apache
1.3.6 and earlier on Unix systems should upgrade to this
version. Users of Apache on Windows can now upgrade to Apache
1.3.9 avoiding the previous problems with Apache 1.3.6. Read
the Guide
to 1.3.9 for information about changes between 1.3.6 and
1.3.9.
Most bugs listed below include a link to the entry in the
Apache bug database where the problem is being tracked. These
entries are called "PR"s (Problem Reports). Some bugs do not
correspond to problem reports if they are found by
developers.
A number of patches have been made to the 1.3.9 code this
week in preparation for the release of Apache 1.3.10.
-
HPUX binary building fails when building dynamic modules
due to changes made since 1.3.9.
-
HPUX build problems when using ./configure as
the HPUX native compiler requires the addition of the
-Ae flags to ensure that ANSI C can be parsed.
-
Compilation in AIX machines sometimes fails to link due to
problems with dynamic libraries with AIX versions prior to
-
OS/390 builds were failing when DSO support was enabled.
-
suExec should set a umask before invoking a script. A new
option has been added to the configure script,
--suexec-umask. PR#4178
-
Apache can conflict with third-party libraries due to the
export of a symbol named lookup (part of the
Expat XML library). The symbol is renamed to
hashTableLookup in 1.3.10.
-
The ProxyPass code erroneously converted
authentication protection to proxy authentication requests,
causing problems with browsers.
-
Actions set in a Location that didn't correspond to a file
failed.
The next release of Apache will be version 1.3.10, due for
release around the 19th January 2000. The original schedule
was for a public release on the 14th, but this has been
delayed due to a number of significant last minute issues.
There is a common bug report with Apache concerning failed
access control, but the problem is due to incorrect
configuration rather than the Apache code itself. The problem
is quite common because the incorrect example was part of the
original Apache documentation as well being explained in at
least one book.
A typical way to limit resources to particular clients or
users is to use a <Limit> section, such as
this
<Limit GET POST>
...
access restriction directives such as require or allow
...
</Limit>
The effect of the <Limit> section is to
limit the restriction to only the listed methods - GET
and POST in this example. This means that other methods such as
PUT are not subject to the restriction, which is potentially a
security problem. The correct solution is to remove the
<Limit> and </Limit>
lines, making the restriction apply to all request
methods.
Note that while GET, HEAD, POST, and PUT are the commonly
used methods today, other methods have been and can be
defined and used at any time. The above example configuration
would allow these additional methods through as well. This is
particularly important if the restricted area includes CGI
scripts which do not bother to check the method with which
they are called. These CGI scripts should also be fixed, and
Apache Week issue 81 has more information.
Apache Week will be exhibiting at the LinuxWorld Conference
and Expo in New York in February. You'll be able to find
Apache Week's current editor, Mark Cox, on the O'Reilly
network stand, and he'll be on-hand to talk about all things
Apache. The conference runs from February 1st to 4th 2000,
and entry to the exhibits can be obtained with a free pass if
you register today (January 14th 2000) online at www.linuxworldexpo.com.
The second official Apache conference, ApacheCon 2000, takes
place March 8th-10th 2000 in Orlando, Florida. Apache Week is
a sponsor of ApacheCon 2000 and will keep you updated on
conference news between now and March.
You can now register on-line for ApacheCon 2000 using a
credit card and a secure web browser. By registering for the
conference early, ApacheCon are offering a discount of US$225
off the full conference price.
This occasional section contains short announcements of jobs
which require significant Apache experience. If you have a
suitable job announcement, send the text (less than fifty
words) to editors@apacheweek.com.
We reserve the right to refuse or edit any announcement.
Covalent technologies seeks Software Development Engineer
with strong Unix, Internet, programming (C/C++, Java, Tk,
Perl), and Apache skills. Duties may include Apache server
development, PKI cryptography applications, as well as
product development and GUI design.
More information is available.
C2Net Europe seeks self-motivated software engineer with
strong C and Unix skills to work on the Stronghold web server
as well as get involved and contribute directly to the
Apache, mod_ssl, and OpenSSL projects. More information is
available.